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m THFCTATMS; 

A status of all the claims of the present Application is presented below: 

1. (Currently amended) A method of defining the security vulnerability of a 
computer system, comprising: 

generating a human-readable and machine-readable vulnerability description language 

(VD I,) fi le specifying: 

an attack representing a recognized vulnerability of the computer system; 
specifying at least one attribute of the specified attack; 

specifying at least one policy definition with respect to detecting the 
vulnerability of the computer system to the specified attack; and 
specifying a remedy for the specified vulnerability. 

2. (Currently amended) The method, as set forth in claim 1, further comprising 
generating the VDT, file specifying at least one attribute of the specified policy definition. 

3. (Currently amended) The method, as set forth in claim 1, further comprising 
generating the VDT, file specifying a computing platform of the computer system. 

4. (Currently amended) The method, as set forth in claim 1, further comprising 
generating the VDT, file: 

specifying a security category of the specified attack; and 

specifying at least one policy group with respect to the specified security category. 

5. (Currently amended) The method, as set forth in claim 1, further comprising 
generating the VDT. file specifying a vulnerability scanner executing on the computer system. 

6. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying an identification of the severity 
associated with a breach of the computer system by the attack. 



Page 4 



Application Serial No. 10/001,410 



PATENT 



7. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying a description of the attack. 

8. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying an explanation of why the specified 
attack is important. 

9. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying how information is to be reported to a 
user with respect to the specified attack. 

10. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying a source of a remedy operable to fix the 
specified vulnerability. 

11. (Original) The method, as set forth in claim 1, wherein specifying at least one 
attribute of the specified attack comprises specifying information to enable a manual remedy 
of the specified vulnerability. 

12. (Currently amended) A method of defining a security vulnerability condition of 
a system, comprising: 

generating a human-readable and machine-read able vulnerability description language 
(VDI ,) file specifying: 

a name of a vulnerability associated with the system; 

specifying at least one attribute of the specified vulnerability; 

sp e cifying a remedy for the vulnerability according to the specified computing 

platform; 

specifying a policy definition with respect to detecting the specified 
vulnerability; and 

specifying at least one attribute of the specified policy definition. 
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13. (Original) The method, as set forth in claim 12, further comprising specifying a 
computing platform of the system. 

14. (Original) The method, as set forth in claim 12, further comprising: 
specifying a security category of the specified vulnerability; and 

specifying at least one policy group with respect to the specified security category. 

15. (Original) The method, as set forth in claim 12, further comprising specifying a 
vulnerability scanner executing on the system. 

16. (Original) The method, as set forth in claim 12, wherein specifying at least one 
attribute of the specified vulnerability comprises specifying an identification of the severity 
associated with a breach of the specified vulnerability. 

17. (Original) The method, as set forth in claim 12, wherein specifying at least one 
attribute of the specified vulnerability comprises specifying an explanation of why the 
specified vulnerability is important. 

18. (Original) The method, as set forth in claim 12, wherein specifying at least one 
attribute of the specified vulnerability comprises specifying how information is to be reported 
to a user in response to detecting the specified vulnerability. 

19. (Original) The method, as set forth in claim 12, wherein specifying at least one 
attribute of the specified vulnerability comprises specifying an application operable to 
respond to a detection of the specified vulnerability. 
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20. (Currently amended) A system of defining security vulnerabilities of a 
computer system, comprising: 

a human-readable and machine-readable vulnerability description language (VT>T.) file 
containing a definition of at least one vulnerability^,]] and a definition of at least one policy 
item for detecting the vulnerability; 

an interpreter operable to parse the at least one vulnerability definition and at least one 
policy item definition in the vulnerabili t y description VDT, file and organize the parsed 
definitions pursuant to a predetermined format; and 

a data storage operable to store the parsed and organized at least one vulnerability and 
at least one policy item definition, wherein the data storage is accessible by at least one 
vulnerability scanner application. 

21. (Original) The system, as set forth in claim 20, wherein the data storage is a 
relational database having a plurality of tables. 

22. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability desciiption VDT, file further comprises a definition of a vulnerability scanner 
application. 

23. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability description VDT. file further comprises a definition of a security category 
providing a grouping of the at least one vulnerability, and a definition of a policy group 
providing a grouping of the at least one policy item. 

24. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability description YDL file further comprises a definition of at least one attribute of 
the at least one vulnerability. 

25. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability description VDT. file further comprises an identification of the severity of risk 
associated with the at least one vulnerability. 
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26. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability desciiption VDT, file further comprises a definition of how information is to be 
displayed to a user with respect to the at least one vulnerability. 

27. (Currently amended) The system, as set forth in claim 20, wherein the 
vulnerability description VDT, file further comprises a definition of an application operable to 
respond to detecting the at least one vulnerability. 
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